From cohei...@apache.org
Subject svn commit: r1471440 - in /cxf/branches/wss4j2.0-port: distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/client/ distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/server/ rt/...
Date Wed, 24 Apr 2013 14:37:12 GMT
Author: coheigea
Date: Wed Apr 24 14:37:11 2013
New Revision: 1471440

URL: http://svn.apache.org/r1471440
Log:
Added a CryptoCoverageChecker for the StaX code + tests

Added:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java
      - copied, changed from r1471345, cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java
Modified:
    cxf/branches/wss4j2.0-port/distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/client/Client.java
    cxf/branches/wss4j2.0-port/distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/server/Server.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DOMToStaxRoundTripTest.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMRoundTripTest.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/test/resources/logging.properties

Modified: cxf/branches/wss4j2.0-port/distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/client/Client.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/client/Client.java?rev=1471440&r1=1471439&r2=1471440&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/client/Client.java (original)
+++ cxf/branches/wss4j2.0-port/distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/client/Client.java Wed Apr 24 14:37:11 2013
@@ -31,6 +31,7 @@ import org.apache.cxf.BusFactory;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.hello_world_soap_http.Greeter;
 import org.apache.cxf.hello_world_soap_http.GreeterService;
+import org.apache.cxf.ws.security.wss4j.StaxCryptoCoverageChecker;
 import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor;
 import org.apache.wss4j.common.crypto.CryptoFactory;
@@ -99,12 +100,9 @@ public final class Client {
             properties.addSignaturePart(
                 new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), SecurePart.Modifier.Element)
             );
-            /*
-             * TODO
             properties.addSignaturePart(
                 new SecurePart(new QName("http://www.w3.org/2005/08/addressing", "ReplyTo"), SecurePart.Modifier.Element)
             );
-            */
             properties.setCallbackHandler(new UTPasswordCallback());
             
             WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
@@ -118,16 +116,13 @@ public final class Client {
             WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
             bus.getInInterceptors().add(inhandler);
 
-            /*
-             * TODO
             // Check to make sure that the SOAP Body and Timestamp were signed,
             // and that the SOAP Body was encrypted
-            DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker();
+            StaxCryptoCoverageChecker coverageChecker = new StaxCryptoCoverageChecker();
             coverageChecker.setSignBody(true);
             coverageChecker.setSignTimestamp(true);
             coverageChecker.setEncryptBody(true);
             bus.getInInterceptors().add(coverageChecker);
-            */
 
             GreeterService service = new GreeterService();
             Greeter port = service.getGreeterPort();
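Review bot: The comment above the checker setup names only the Body and Timestamp checks, but the `StaxCryptoCoverageChecker` constructor added in this commit also calls `setSignAddressingHeaders(true)`, so WS-Addressing ReplyTo/FaultTo must be signed whenever they are present. The comment should state that, for example `// WS-Addressing ReplyTo/FaultTo must also be signed when present (checker default)`. The `setSignBody(true)` and `setSignTimestamp(true)` calls repeat the constructor defaults, so they only document intent. The same applies to the matching hunk in Server.java; in both files the enclosing method starts and ends outside the hunk.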

Modified: cxf/branches/wss4j2.0-port/distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/server/Server.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/server/Server.java?rev=1471440&r1=1471439&r2=1471440&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/server/Server.java (original)
+++ cxf/branches/wss4j2.0-port/distribution/src/main/release/samples/ws_security/stax_sign_enc/src/main/java/demo/wssec/server/Server.java Wed Apr 24 14:37:11 2013
@@ -28,6 +28,7 @@ import javax.xml.ws.Endpoint;
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusFactory;
 import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.ws.security.wss4j.StaxCryptoCoverageChecker;
 import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor;
 import org.apache.wss4j.common.crypto.CryptoFactory;
@@ -109,16 +110,13 @@ public class Server {
         WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
         bus.getInInterceptors().add(inhandler);
 
-        /*
-         * TODO
         // Check to make sure that the SOAP Body and Timestamp were signed,
         // and that the SOAP Body was encrypted
-        DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker();
+        StaxCryptoCoverageChecker coverageChecker = new StaxCryptoCoverageChecker();
         coverageChecker.setSignBody(true);
         coverageChecker.setSignTimestamp(true);
         coverageChecker.setEncryptBody(true);
         bus.getInInterceptors().add(coverageChecker);
-        */
 
         BusFactory.setDefaultBus(bus);
 

Added: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java?rev=1471440&view=auto
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java (added)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java Wed Apr 24 14:37:11 2013
@@ -0,0 +1,479 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.binding.soap.SoapFault;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.SoapVersion;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.addressing.AddressingProperties;
+import org.apache.cxf.ws.addressing.Names;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
+import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
+import org.apache.xml.security.stax.securityEvent.SecurityEvent;
+import org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event;
+
+/**
+ * This interceptor handles parsing the StaX WS-Security results (events) + checks that the
+ * specified crypto coverage events actually occurred. The default functionality is to enforce 
+ * that the SOAP Body, Timestamp, and WS-Addressing ReplyTo and FaultTo headers must be signed 
+ * (if they exist in the message payload).
+ * 
+ * Note that this interceptor must be explicitly added to the InInterceptor chain.
+ */
+public class StaxCryptoCoverageChecker extends AbstractPhaseInterceptor<SoapMessage> {
+    public static final String SOAP_NS = WSConstants.URI_SOAP11_ENV;
+    public static final String SOAP12_NS = WSConstants.URI_SOAP12_ENV;
+    public static final String WSU_NS = WSConstants.WSU_NS;
+    public static final String WSSE_NS = WSConstants.WSSE_NS;
+    public static final String WSA_NS = Names.WSA_NAMESPACE_NAME;
+    
+    private boolean signBody;
+    private boolean signTimestamp;
+    private boolean encryptBody;
+    private boolean signAddressingHeaders;
+    private boolean signUsernameToken;
+    private boolean encryptUsernameToken;
+    
+    public StaxCryptoCoverageChecker() {
+        super(Phase.PRE_PROTOCOL);
+        
+        // Sign SOAP Body
+        setSignBody(true);
+        
+        // Sign Timestamp
+        setSignTimestamp(true);
+        
+        // Sign Addressing Headers
+        setSignAddressingHeaders(true);
+    }
+
+    @Override
+    public void handleMessage(SoapMessage soapMessage) throws Fault {
+        
+        @SuppressWarnings("unchecked")
+        final List<SecurityEvent> incomingSecurityEventList = 
+            (List<SecurityEvent>)soapMessage.get(SecurityEvent.class.getName() + ".in");
+        
+        List<SecurityEvent> results = new ArrayList<SecurityEvent>();
+        if (incomingSecurityEventList != null) {
+            // Get all Signed/Encrypted Results
+            results.addAll(
+                getEventFromResults(WSSecurityEventConstants.SignedPart, incomingSecurityEventList));
+            results.addAll(
+                getEventFromResults(WSSecurityEventConstants.SignedElement, incomingSecurityEventList));
+            
+            if (encryptBody || encryptUsernameToken) {
+                results.addAll(
+                    getEventFromResults(WSSecurityEventConstants.EncryptedPart, incomingSecurityEventList));
+                results.addAll(
+                    getEventFromResults(WSSecurityEventConstants.EncryptedElement, incomingSecurityEventList));
+            }
+        }
+        
+        try {
+            checkSignedBody(results);
+            checkEncryptedBody(results);
+            
+            if (signTimestamp) {
+                // We only insist on the Timestamp being signed if it is actually present in the message
+                List<SecurityEvent> timestampResults =
+                    getEventFromResults(WSSecurityEventConstants.Timestamp, incomingSecurityEventList);
+                if (!timestampResults.isEmpty()) {
+                    checkSignedTimestamp(results);
+                }
+            }
+            
+            if (signAddressingHeaders) {
+                AddressingProperties addressingProperties = 
+                    (AddressingProperties)soapMessage.get("javax.xml.ws.addressing.context.inbound");
+                checkSignedAddressing(results, addressingProperties);
+            }
+            
+            if (signUsernameToken || encryptUsernameToken) {
+                // We only insist on the UsernameToken being signed/encrypted if it is actually 
+                // present in the message
+                List<SecurityEvent> usernameTokenResults =
+                    getEventFromResults(WSSecurityEventConstants.UsernameToken, incomingSecurityEventList);
+                if (!usernameTokenResults.isEmpty()) {
+                    if (signUsernameToken) {
+                        checkSignedUsernameToken(results);
+                    }
+                    
+                    if (encryptUsernameToken) {
+                        checkEncryptedUsernameToken(results);
+                    }
+                }
+            }
+        } catch (WSSecurityException e) {
+            throw createSoapFault(soapMessage.getVersion(), e);
+        }
+    }
+    
+    private List<SecurityEvent> getEventFromResults(Event event, List<SecurityEvent> incomingSecurityEventList) {
+        List<SecurityEvent> results = new ArrayList<SecurityEvent>();
+        for (SecurityEvent incomingEvent : incomingSecurityEventList) {
+            if (event == incomingEvent.getSecurityEventType()) {
+                results.add(incomingEvent);
+            }
+        }
+        return results;
+    }
+    
+    private void checkSignedBody(List<SecurityEvent> results) throws WSSecurityException {
+        if (!signBody) {
+            return;
+        }
+        
+        boolean isBodySigned = false;
+        for (SecurityEvent signedEvent : results) {
+            AbstractSecuredElementSecurityEvent securedEvent = 
+                (AbstractSecuredElementSecurityEvent)signedEvent;
+            if (!securedEvent.isSigned()) {
+                continue;
+            }
+            
+            List<QName> signedPath = securedEvent.getElementPath();
+            if (isBody(signedPath)) {
+                isBodySigned = true;
+                break;
+            }
+        }
+        
+        if (!isBodySigned) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+                                          new Exception("The SOAP Body is not signed"));
+        }
+    }
+    
+    private void checkEncryptedBody(List<SecurityEvent> results) throws WSSecurityException {
+        if (!encryptBody) {
+            return;
+        }
+        
+        boolean isBodyEncrypted = false;
+        for (SecurityEvent signedEvent : results) {
+            AbstractSecuredElementSecurityEvent securedEvent = 
+                (AbstractSecuredElementSecurityEvent)signedEvent;
+            if (!securedEvent.isEncrypted()) {
+                continue;
+            }
+            
+            List<QName> encryptedPath = securedEvent.getElementPath();
+            if (isBody(encryptedPath)) {
+                isBodyEncrypted = true;
+                break;
+            }
+        }
+        
+        if (!isBodyEncrypted) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+                                          new Exception("The SOAP Body is not encrypted"));
+        }
+    }
+    
+    private void checkSignedTimestamp(List<SecurityEvent> results) throws WSSecurityException {
+        if (!signTimestamp) {
+            return;
+        }
+        
+        boolean isTimestampSigned = false;
+        for (SecurityEvent signedEvent : results) {
+            AbstractSecuredElementSecurityEvent securedEvent = 
+                (AbstractSecuredElementSecurityEvent)signedEvent;
+            if (!securedEvent.isSigned()) {
+                continue;
+            }
+            
+            List<QName> signedPath = securedEvent.getElementPath();
+            if (isTimestamp(signedPath)) {
+                isTimestampSigned = true;
+                break;
+            }
+        }
+        
+        if (!isTimestampSigned) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+                                          new Exception("The Timestamp is not signed"));
+        }
+    }
+    
+    private void checkSignedAddressing(
+        List<SecurityEvent> results,
+        AddressingProperties addressingProperties
+    ) throws WSSecurityException {
+        if (!signAddressingHeaders || addressingProperties == null
+            || (addressingProperties.getReplyTo() == null && addressingProperties.getFaultTo() == null)) {
+            return;
+        }
+        
+        boolean isReplyToSigned = false;
+        boolean isFaultToSigned = false;
+        for (SecurityEvent signedEvent : results) {
+            AbstractSecuredElementSecurityEvent securedEvent = 
+                (AbstractSecuredElementSecurityEvent)signedEvent;
+            if (!securedEvent.isSigned()) {
+                continue;
+            }
+            
+            List<QName> signedPath = securedEvent.getElementPath();
+            if (isReplyTo(signedPath)) {
+                isReplyToSigned = true;
+            } 
+            if (isFaultTo(signedPath)) {
+                isFaultToSigned = true;
+            }
+            
+            if (isReplyToSigned && isFaultToSigned) {
+                break;
+            }
+        }
+        
+        if (!isReplyToSigned && (addressingProperties.getReplyTo() != null)) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+                                          new Exception("The Addressing headers are not signed"));
+        }
+        
+        if (!isFaultToSigned && (addressingProperties.getFaultTo() != null)) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+                                          new Exception("The Addressing headers are not signed"));
+        }
+    }
+    
+    private void checkSignedUsernameToken(List<SecurityEvent> results) throws WSSecurityException {
+        if (!signUsernameToken) {
+            return;
+        }
+        
+        boolean isUsernameTokenSigned = false;
+        for (SecurityEvent signedEvent : results) {
+            AbstractSecuredElementSecurityEvent securedEvent = 
+                (AbstractSecuredElementSecurityEvent)signedEvent;
+            if (!securedEvent.isSigned()) {
+                continue;
+            }
+            
+            List<QName> signedPath = securedEvent.getElementPath();
+            if (isUsernameToken(signedPath)) {
+                isUsernameTokenSigned = true;
+                break;
+            }
+        }
+        
+        if (!isUsernameTokenSigned) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+                                          new Exception("The UsernameToken is not signed"));
+        }
+    }
+    
+    private void checkEncryptedUsernameToken(List<SecurityEvent> results) throws WSSecurityException {
+        if (!encryptUsernameToken) {
+            return;
+        }
+        
+        boolean isUsernameTokenEncrypted = false;
+        for (SecurityEvent encryptedEvent : results) {
+            AbstractSecuredElementSecurityEvent securedEvent = 
+                (AbstractSecuredElementSecurityEvent)encryptedEvent;
+            if (!securedEvent.isEncrypted()) {
+                continue;
+            }
+            
+            List<QName> encryptedPath = securedEvent.getElementPath();
+            if (isUsernameToken(encryptedPath)) {
+                isUsernameTokenEncrypted = true;
+                break;
+            }
+        }
+        
+        if (!isUsernameTokenEncrypted) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+                                          new Exception("The UsernameToken is not encrypted"));
+        }
+    }
+    
+    private boolean isEnvelope(QName qname) {
+        if ("Envelope".equals(qname.getLocalPart())
+            && (SOAP_NS.equals(qname.getNamespaceURI()) 
+                || SOAP12_NS.equals(qname.getNamespaceURI()))) {
+            return true;
+        }
+        return false;
+    }
+    
+    private boolean isSoapHeader(QName qname) {
+        if ("Header".equals(qname.getLocalPart())
+            && (SOAP_NS.equals(qname.getNamespaceURI()) 
+                || SOAP12_NS.equals(qname.getNamespaceURI()))) {
+            return true;
+        }
+        return false;
+    }
+    
+    private boolean isSecurityHeader(QName qname) {
+        if ("Security".equals(qname.getLocalPart()) && WSSE_NS.equals(qname.getNamespaceURI())) {
+            return true;
+        }
+        return false;
+    }
+    
+    private boolean isTimestamp(List<QName> qnames) {
+        if (qnames != null && qnames.size() == 4
+            && isEnvelope(qnames.get(0))
+            && isSoapHeader(qnames.get(1))
+            && isSecurityHeader(qnames.get(2))
+            && "Timestamp".equals(qnames.get(3).getLocalPart())
+            && WSU_NS.equals(qnames.get(3).getNamespaceURI())) {
+            return true;
+        }
+        
+        return false;
+    }
+    
+    private boolean isReplyTo(List<QName> qnames) {
+        if (qnames != null && qnames.size() == 3
+            && isEnvelope(qnames.get(0))
+            && isSoapHeader(qnames.get(1))
+            && "ReplyTo".equals(qnames.get(2).getLocalPart())
+            && WSA_NS.equals(qnames.get(2).getNamespaceURI())) {
+            return true;
+        }
+        
+        return false;
+    }
+    
+    private boolean isFaultTo(List<QName> qnames) {
+        if (qnames != null && qnames.size() == 3
+            && isEnvelope(qnames.get(0))
+            && isSoapHeader(qnames.get(1))
+            && "FaultTo".equals(qnames.get(2).getLocalPart())
+            && WSA_NS.equals(qnames.get(2).getNamespaceURI())) {
+            return true;
+        }
+        
+        return false;
+    }
+    
+    private boolean isBody(List<QName> qnames) {
+        if (qnames != null && qnames.size() == 2
+            && isEnvelope(qnames.get(0))
+            && "Body".equals(qnames.get(1).getLocalPart())
+            && (SOAP_NS.equals(qnames.get(1).getNamespaceURI()) 
+                || SOAP12_NS.equals(qnames.get(1).getNamespaceURI()))) {
+            return true;
+        }
+
+        return false;
+    }
+    
+    private boolean isUsernameToken(List<QName> qnames) {
+        if (qnames != null && qnames.size() == 4
+            && isEnvelope(qnames.get(0))
+            && isSoapHeader(qnames.get(1))
+            && isSecurityHeader(qnames.get(2))
+            && "UsernameToken".equals(qnames.get(3).getLocalPart())
+            && WSSE_NS.equals(qnames.get(3).getNamespaceURI())) {
+            return true;
+        }
+        
+        return false;
+    }
+    
+    public boolean isSignBody() {
+        return signBody;
+    }
+
+    public final void setSignBody(boolean signBody) {
+        this.signBody = signBody;
+    }
+
+    public boolean isSignTimestamp() {
+        return signTimestamp;
+    }
+
+    public final void setSignTimestamp(boolean signTimestamp) {
+        this.signTimestamp = signTimestamp;
+    }
+
+    public boolean isEncryptBody() {
+        return encryptBody;
+    }
+
+    public final void setEncryptBody(boolean encryptBody) {
+        this.encryptBody = encryptBody;
+    }
+
+    public boolean isSignAddressingHeaders() {
+        return signAddressingHeaders;
+    }
+
+    public final void setSignAddressingHeaders(boolean signAddressingHeaders) {
+        this.signAddressingHeaders = signAddressingHeaders;
+    }
+    
+    /**
+     * Create a SoapFault from a WSSecurityException, following the SOAP Message Security
+     * 1.1 specification, chapter 12 "Error Handling".
+     * 
+     * When the Soap version is 1.1 then set the Fault/Code/Value from the fault code
+     * specified in the WSSecurityException (if it exists).
+     * 
+     * Otherwise set the Fault/Code/Value to env:Sender and the Fault/Code/Subcode/Value
+     * as the fault code from the WSSecurityException.
+     */
+    private SoapFault 
+    createSoapFault(SoapVersion version, WSSecurityException e) {
+        SoapFault fault;
+        javax.xml.namespace.QName faultCode = e.getFaultCode();
+        if (version.getVersion() == 1.1 && faultCode != null) {
+            fault = new SoapFault(e.getMessage(), e, faultCode);
+        } else {
+            fault = new SoapFault(e.getMessage(), e, version.getSender());
+            if (version.getVersion() != 1.1 && faultCode != null) {
+                fault.setSubCode(faultCode);
+            }
+        }
+        return fault;
+    }
+
+    public boolean isSignUsernameToken() {
+        return signUsernameToken;
+    }
+
+    public void setSignUsernameToken(boolean signUsernameToken) {
+        this.signUsernameToken = signUsernameToken;
+    }
+
+    public boolean isEncryptUsernameToken() {
+        return encryptUsernameToken;
+    }
+
+    public void setEncryptUsernameToken(boolean encryptUsernameToken) {
+        this.encryptUsernameToken = encryptUsernameToken;
+    }
+}
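Review bot: `handleMessage` guards against a null event list only while filling `results`; the later Timestamp and UsernameToken lookups pass the same possibly-null `incomingSecurityEventList` into the for-each in `getEventFromResults`. With `signBody` and `encryptBody` off and no event list on the message, the interceptor therefore ends in a NullPointerException instead of a WS-Security fault or a deliberate pass. Starting `getEventFromResults` with `if (incomingSecurityEventList == null) { return results; }` makes that outcome explicit. Separately, `checkSignedAddressing` returns without checking whenever the inbound `AddressingProperties` is null, so the addressing check passes silently if that message property has not been set by the time this PRE_PROTOCOL interceptor runs. The ordering is not visible in this file, so it deserves an explicit ordering constraint or a comment stating the assumption.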

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DOMToStaxRoundTripTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DOMToStaxRoundTripTest.java?rev=1471440&r1=1471439&r2=1471440&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DOMToStaxRoundTripTest.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DOMToStaxRoundTripTest.java Wed Apr 24 14:37:11 2013
@@ -281,6 +281,42 @@ public class DOMToStaxRoundTripTest exte
 
         assertEquals("test", echo.echo("test"));
     }
+    
+    @Test
+    public void testSignedUsernameToken() throws Exception {
+        // Create + configure service
+        Service service = createService();
+        
+        WSSSecurityProperties inProperties = new WSSSecurityProperties();
+        inProperties.setCallbackHandler(new TestPwdCallback());
+        Properties cryptoProperties = 
+            CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
+        inProperties.setSignatureVerificationCryptoProperties(cryptoProperties);
+        WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
+        service.getInInterceptors().add(inhandler);
+        
+        // Create + configure client
+        Echo echo = createClientProxy();
+        
+        Client client = ClientProxy.getClient(echo);
+        client.getInInterceptors().add(new LoggingInInterceptor());
+        client.getOutInterceptors().add(new LoggingOutInterceptor());
+        
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put(
+            WSHandlerConstants.ACTION, 
+            WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.USERNAME_TOKEN
+        );
+        properties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback());
+        properties.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
+        properties.put(WSHandlerConstants.USER, "myalias");
+        
+        WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(properties);
+        client.getOutInterceptors().add(ohandler);
+
+        assertEquals("test", echo.echo("test"));
+    }
+
 
     @Test
     public void testTimestamp() throws Exception {
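Review bot: `testSignedUsernameToken` asserts only that the echo round trip succeeds; nothing on the receiving side checks that the UsernameToken was covered by the signature, so the test would still pass if the token travelled unsigned. Installing the checker added in this commit on the service, `StaxCryptoCoverageChecker checker = new StaxCryptoCoverageChecker(); checker.setSignUsernameToken(true); service.getInInterceptors().add(checker);`, would pin the behaviour the test name promises. The outbound configuration in this hunk does not list the UsernameToken as a signature part, so that probably needs adding as well for the check to pass. The hunk ends inside `testTimestamp`, which is not reviewed here.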

Copied: cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java (from r1471345, cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java)
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java?p2=cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java&p1=cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java&r1=1471345&r2=1471440&rev=1471440&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java Wed Apr 24 14:37:11 2013
@@ -34,29 +34,32 @@ import org.apache.cxf.transport.local.Lo
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
-import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.junit.Test;
 
 
 /**
+ * A test for streaming WS-Security with the Crypto Coverage Checker installed
  */
-public class StaxRoundTripTest extends AbstractSecurityTest {
+public class StaxCryptoCoverageCheckerTest extends AbstractSecurityTest {
     
     @Test
-    public void testUsernameTokenText() throws Exception {
+    public void testEncryptedBody() throws Exception {
         // Create + configure service
         Service service = createService();
         
         WSSSecurityProperties inProperties = new WSSSecurityProperties();
         inProperties.setCallbackHandler(new TestPwdCallback());
+        Properties cryptoProperties = 
+            CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
+        inProperties.setDecryptionCryptoProperties(cryptoProperties);
         WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
-        WSS4JPrincipalInterceptor principalInterceptor = new WSS4JPrincipalInterceptor();
-        principalInterceptor.setPrincipalName("username");
         service.getInInterceptors().add(inhandler);
-        service.getInInterceptors().add(principalInterceptor);
-
+        
+        StaxCryptoCoverageChecker checker = new StaxCryptoCoverageChecker();
+        service.getInInterceptors().add(checker);
+        
         // Create + configure client
         Echo echo = createClientProxy();
         
@@ -65,18 +68,29 @@ public class StaxRoundTripTest extends A
         client.getOutInterceptors().add(new LoggingOutInterceptor());
         
         WSSSecurityProperties properties = new WSSSecurityProperties();
-        properties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.USERNAMETOKEN});
-        properties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT);
-        properties.setTokenUser("username");
+        properties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.ENCRYPT});
+        properties.setEncryptionUser("myalias");
+        
+        Properties outCryptoProperties = 
+            CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader());
+        properties.setEncryptionCryptoProperties(outCryptoProperties);
         properties.setCallbackHandler(new TestPwdCallback());
         WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
         client.getOutInterceptors().add(ohandler);
 
+        try {
+            echo.echo("test");
+            fail("Failure expected as SOAP Body isn't signed");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
+        
+        checker.setSignBody(false);
         assertEquals("test", echo.echo("test"));
     }
     
     @Test
-    public void testUsernameTokenDigest() throws Exception {
+    public void testUsernameToken() throws Exception {
         // Create + configure service
         Service service = createService();
         
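Review bot: `testEncryptedBody` never turns on the encrypted-body check: the checker is created with its defaults in the previous hunk and the only setter called is `checker.setSignBody(false)`, so the closing `assertEquals` passes whether or not the Body was encrypted. Adding `checker.setEncryptBody(true);` before the positive call would make the test exercise what its name says. The expected-failure block also accepts any `SOAPFaultException`, so an unrelated fault (configuration error, a different coverage check) satisfies it; asserting on the fault message, e.g. `assertTrue(ex.getMessage().contains("not signed"));`, would tie the failure to the intended check, assuming the fault reason reaches the client unchanged. The same catch pattern appears in the `testUsernameToken` hunk further down. The method body starts in the previous hunk.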
@@ -88,6 +102,11 @@ public class StaxRoundTripTest extends A
         service.getInInterceptors().add(inhandler);
         service.getInInterceptors().add(principalInterceptor);
         
+        StaxCryptoCoverageChecker checker = new StaxCryptoCoverageChecker();
+        checker.setSignBody(false);
+        checker.setEncryptUsernameToken(true);
+        service.getInInterceptors().add(checker);
+
         // Create + configure client
         Echo echo = createClientProxy();
         
@@ -97,17 +116,25 @@ public class StaxRoundTripTest extends A
         
         WSSSecurityProperties properties = new WSSSecurityProperties();
         properties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.USERNAMETOKEN});
-        properties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST);
+        properties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT);
         properties.setTokenUser("username");
         properties.setCallbackHandler(new TestPwdCallback());
         WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
         client.getOutInterceptors().add(ohandler);
 
+        try {
+            echo.echo("test");
+            fail("Failure expected as UsernameToken isn't encrypted");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
+
+        checker.setEncryptUsernameToken(false);
         assertEquals("test", echo.echo("test"));
     }
     
     @Test
-    public void testEncrypt() throws Exception {
+    public void testEncryptUsernameToken() throws Exception {
         // Create + configure service
         Service service = createService();
         
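Review bot: Nothing in the hunk says why the password type moves from `PASSWORD_DIGEST` to `PASSWORD_TEXT`, and the test now ends by accepting a clear-text password in an unencrypted UsernameToken once `checker.setEncryptUsernameToken(false)` has been called. If that is deliberate, a comment above the `setUsernameTokenPasswordType` line would keep this configuration from being copied as a working example, e.g. `// Clear-text password on purpose: shows why the checker should require an encrypted UsernameToken`. The test method begins outside the hunk, and the hunk ends inside the next method.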
@@ -119,6 +146,11 @@ public class StaxRoundTripTest extends A
         WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
         service.getInInterceptors().add(inhandler);
         
+        StaxCryptoCoverageChecker checker = new StaxCryptoCoverageChecker();
+        checker.setSignBody(false);
+        checker.setEncryptUsernameToken(true);
+        service.getInInterceptors().add(checker);
+        
         // Create + configure client
         Echo echo = createClientProxy();
         
@@ -127,8 +159,14 @@ public class StaxRoundTripTest extends A
         client.getOutInterceptors().add(new LoggingOutInterceptor());
         
         WSSSecurityProperties properties = new WSSSecurityProperties();
-        properties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.ENCRYPT});
+        properties.setOutAction(
+            new XMLSecurityConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.ENCRYPT}
+        );
+        properties.addEncryptionPart(
+            new SecurePart(new QName(WSSConstants.NS_WSSE10, "UsernameToken"), SecurePart.Modifier.Element)
+        );
         properties.setEncryptionUser("myalias");
+        properties.setTokenUser("username");
         
         Properties outCryptoProperties = 
             CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader());
@@ -138,10 +176,18 @@ public class StaxRoundTripTest extends A
         client.getOutInterceptors().add(ohandler);
 
         assertEquals("test", echo.echo("test"));
+        
+        checker.setSignUsernameToken(true);
+        try {
+            echo.echo("test");
+            fail("Failure expected as UsernameToken isn't signed");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
     }
     
     @Test
-    public void testEncryptUsernameToken() throws Exception {
+    public void testSignedUsernameToken() throws Exception {
         // Create + configure service
         Service service = createService();
         
@@ -149,10 +195,15 @@ public class StaxRoundTripTest extends A
         inProperties.setCallbackHandler(new TestPwdCallback());
         Properties cryptoProperties = 
             CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
-        inProperties.setDecryptionCryptoProperties(cryptoProperties);
+        inProperties.setSignatureVerificationCryptoProperties(cryptoProperties);
         WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
         service.getInInterceptors().add(inhandler);
         
+        StaxCryptoCoverageChecker checker = new StaxCryptoCoverageChecker();
+        checker.setSignBody(false);
+        checker.setSignUsernameToken(true);
+        service.getInInterceptors().add(checker);
+        
         // Create + configure client
         Echo echo = createClientProxy();
         
@@ -161,23 +212,35 @@ public class StaxRoundTripTest extends A
         client.getOutInterceptors().add(new LoggingOutInterceptor());
         
         WSSSecurityProperties properties = new WSSSecurityProperties();
-        properties.setOutAction(
-            new XMLSecurityConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.ENCRYPT}
-        );
-        properties.addEncryptionPart(
+        properties.setOutAction(new XMLSecurityConstants.Action[] {
+            WSSConstants.USERNAMETOKEN, WSSConstants.SIGNATURE
+        });
+        properties.setSignatureUser("myalias");
+        
+        properties.addSignaturePart(
             new SecurePart(new QName(WSSConstants.NS_WSSE10, "UsernameToken"), SecurePart.Modifier.Element)
         );
-        properties.setEncryptionUser("myalias");
-        properties.setTokenUser("username");
+        properties.addSignaturePart(
+            new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), SecurePart.Modifier.Element)
+        );
         
         Properties outCryptoProperties = 
             CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader());
-        properties.setEncryptionCryptoProperties(outCryptoProperties);
+        properties.setSignatureCryptoProperties(outCryptoProperties);
+        properties.setTokenUser("username");
         properties.setCallbackHandler(new TestPwdCallback());
         WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
         client.getOutInterceptors().add(ohandler);
 
         assertEquals("test", echo.echo("test"));
+        
+        checker.setEncryptUsernameToken(true);
+        try {
+            echo.echo("test");
+            fail("Failure expected as UsernameToken isn't encrypted");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
     }
     
     @Test
@@ -196,6 +259,9 @@ public class StaxRoundTripTest extends A
         service.getInInterceptors().add(inhandler);
         service.getInInterceptors().add(principalInterceptor);
         
+        StaxCryptoCoverageChecker checker = new StaxCryptoCoverageChecker();
+        service.getInInterceptors().add(checker);
+        
         // Create + configure client
         Echo echo = createClientProxy();
         
@@ -215,6 +281,14 @@ public class StaxRoundTripTest extends A
         client.getOutInterceptors().add(ohandler);
 
         assertEquals("test", echo.echo("test"));
+        
+        checker.setEncryptBody(true);
+        try {
+            echo.echo("test");
+            fail("Failure expected as SOAP Body isn't encrypted");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
     }
     
     @Test
@@ -226,6 +300,10 @@ public class StaxRoundTripTest extends A
         WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
         service.getInInterceptors().add(inhandler);
         
+        StaxCryptoCoverageChecker checker = new StaxCryptoCoverageChecker();
+        checker.setSignBody(false);
+        service.getInInterceptors().add(checker);
+        
         // Create + configure client
         Echo echo = createClientProxy();
         
@@ -238,7 +316,15 @@ public class StaxRoundTripTest extends A
         
         WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
         client.getOutInterceptors().add(ohandler);
+        
+        try {
+            echo.echo("test");
+            fail("Failure expected as Timestamp isn't signed");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
 
+        checker.setSignTimestamp(false);
         assertEquals("test", echo.echo("test"));
     }
     
@@ -255,6 +341,9 @@ public class StaxRoundTripTest extends A
         WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
         service.getInInterceptors().add(inhandler);
         
+        StaxCryptoCoverageChecker checker = new StaxCryptoCoverageChecker();
+        service.getInInterceptors().add(checker);
+        
         // Create + configure client
         Echo echo = createClientProxy();
         
@@ -285,50 +374,6 @@ public class StaxRoundTripTest extends A
     }
     
     @Test
-    public void testSignaturePKI() throws Exception {
-        // Create + configure service
-        Service service = createService();
-        
-        WSSSecurityProperties inProperties = new WSSSecurityProperties();
-        inProperties.setCallbackHandler(new TestPwdCallback());
-        Properties cryptoProperties = 
-            CryptoFactory.getProperties("cxfca.properties", this.getClass().getClassLoader());
-        inProperties.setSignatureVerificationCryptoProperties(cryptoProperties);
-        WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
-        WSS4JPrincipalInterceptor principalInterceptor = new WSS4JPrincipalInterceptor();
-        principalInterceptor.setPrincipalName("CN=alice,OU=eng,O=apache.org");
-        service.getInInterceptors().add(inhandler);
-        service.getInInterceptors().add(principalInterceptor);
-        
-        // Create + configure client
-        Echo echo = createClientProxy();
-        
-        Client client = ClientProxy.getClient(echo);
-        client.getInInterceptors().add(new LoggingInInterceptor());
-        client.getOutInterceptors().add(new LoggingOutInterceptor());
-        
-        WSSSecurityProperties properties = new WSSSecurityProperties();
-        properties.setOutAction(
-            new XMLSecurityConstants.Action[]{WSSConstants.SIGNATURE}
-        );
-        properties.setSignatureUser("alice");
-        
-        Properties outCryptoProperties = 
-            CryptoFactory.getProperties("alice.properties", this.getClass().getClassLoader());
-        properties.setSignatureCryptoProperties(outCryptoProperties);
-        properties.setCallbackHandler(new KeystorePasswordCallback());
-        properties.setUseSingleCert(true);
-        properties.setSignatureKeyIdentifier(
-            WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference
-        );
-        
-        WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
-        client.getOutInterceptors().add(ohandler);
-
-        assertEquals("test", echo.echo("test"));
-    }
-    
-    @Test
     public void testEncryptSignature() throws Exception {
         // Create + configure service
         Service service = createService();
@@ -342,6 +387,9 @@ public class StaxRoundTripTest extends A
         WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
         service.getInInterceptors().add(inhandler);
         
+        StaxCryptoCoverageChecker checker = new StaxCryptoCoverageChecker();
+        service.getInInterceptors().add(checker);
+        
         // Create + configure client
         Echo echo = createClientProxy();
         
@@ -367,61 +415,6 @@ public class StaxRoundTripTest extends A
         assertEquals("test", echo.echo("test"));
     }
     
-    @Test
-    public void testSignatureConfirmation() throws Exception {
-        // Create + configure service
-        Service service = createService();
-        
-        WSSSecurityProperties inProperties = new WSSSecurityProperties();
-        inProperties.setCallbackHandler(new TestPwdCallback());
-        Properties cryptoProperties = 
-            CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
-        inProperties.setSignatureVerificationCryptoProperties(cryptoProperties);
-        WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
-        service.getInInterceptors().add(inhandler);
-        
-        WSSSecurityProperties outProperties = new WSSSecurityProperties();
-        outProperties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.SIGNATURE});
-        outProperties.setSignatureUser("myalias");
-        outProperties.setEnableSignatureConfirmation(true);
-        
-        Properties outCryptoProperties = 
-            CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader());
-        outProperties.setSignatureCryptoProperties(outCryptoProperties);
-        outProperties.setCallbackHandler(new TestPwdCallback());
-        WSS4JStaxOutInterceptor staxOhandler = new WSS4JStaxOutInterceptor(outProperties);
-        service.getOutInterceptors().add(staxOhandler);
-        
-        // Create + configure client
-        Echo echo = createClientProxy();
-        
-        Client client = ClientProxy.getClient(echo);
-        client.getInInterceptors().add(new LoggingInInterceptor());
-        client.getOutInterceptors().add(new LoggingOutInterceptor());
-        
-        WSSSecurityProperties properties = new WSSSecurityProperties();
-        properties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.SIGNATURE});
-        properties.setSignatureUser("myalias");
-        
-        Properties clientOutCryptoProperties = 
-            CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader());
-        properties.setSignatureCryptoProperties(clientOutCryptoProperties);
-        properties.setCallbackHandler(new TestPwdCallback());
-        WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
-        client.getOutInterceptors().add(ohandler);
-        
-        WSSSecurityProperties staxInProperties = new WSSSecurityProperties();
-        staxInProperties.setCallbackHandler(new TestPwdCallback());
-        Properties staxInCryptoProperties = 
-            CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
-        staxInProperties.setSignatureVerificationCryptoProperties(staxInCryptoProperties);
-        staxInProperties.setEnableSignatureConfirmationVerification(true);
-        WSS4JStaxInInterceptor inhandler2 = new WSS4JStaxInInterceptor(staxInProperties);
-        client.getInInterceptors().add(inhandler2);
-
-        assertEquals("test", echo.echo("test"));
-    }
-    
     private Service createService() {
         // Create the Service
         JaxWsServerFactoryBean factory = new JaxWsServerFactoryBean();

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java?rev=1471440&r1=1471439&r2=1471440&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java Wed Apr 24 14:37:11 2013
@@ -218,6 +218,53 @@ public class StaxRoundTripTest extends A
     }
     
     @Test
+    public void testSignedUsernameToken() throws Exception {
+        // Create + configure service
+        Service service = createService();
+        
+        WSSSecurityProperties inProperties = new WSSSecurityProperties();
+        inProperties.setCallbackHandler(new TestPwdCallback());
+        Properties cryptoProperties = 
+            CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
+        inProperties.setSignatureVerificationCryptoProperties(cryptoProperties);
+        WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
+        WSS4JPrincipalInterceptor principalInterceptor = new WSS4JPrincipalInterceptor();
+        principalInterceptor.setPrincipalName("username");
+        service.getInInterceptors().add(inhandler);
+        service.getInInterceptors().add(principalInterceptor);
+        
+        // Create + configure client
+        Echo echo = createClientProxy();
+        
+        Client client = ClientProxy.getClient(echo);
+        client.getInInterceptors().add(new LoggingInInterceptor());
+        client.getOutInterceptors().add(new LoggingOutInterceptor());
+        
+        WSSSecurityProperties properties = new WSSSecurityProperties();
+        properties.setOutAction(new XMLSecurityConstants.Action[] {
+            WSSConstants.SIGNATURE, WSSConstants.USERNAMETOKEN
+        });
+        properties.setSignatureUser("myalias");
+        
+        properties.addSignaturePart(
+            new SecurePart(new QName(WSSConstants.NS_WSSE10, "UsernameToken"), SecurePart.Modifier.Element)
+        );
+        properties.addSignaturePart(
+            new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), SecurePart.Modifier.Element)
+        );
+        
+        Properties outCryptoProperties = 
+            CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader());
+        properties.setSignatureCryptoProperties(outCryptoProperties);
+        properties.setTokenUser("username");
+        properties.setCallbackHandler(new TestPwdCallback());
+        WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
+        client.getOutInterceptors().add(ohandler);
+
+        assertEquals("test", echo.echo("test"));
+    }
+    
+    @Test
     public void testTimestamp() throws Exception {
         // Create + configure service
         Service service = createService();
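Review bot: The new `testSignedUsernameToken` asserts only the echoed string, so as far as the hunk shows it would still pass if the two `addSignaturePart` entries were ignored and the UsernameToken went out unsigned; the inbound interceptor is given signature-verification properties, but nothing requires the token to be covered. Registering the checker added in this commit would close that gap, as the copy of this test in StaxCryptoCoverageCheckerTest does: `StaxCryptoCoverageChecker checker = new StaxCryptoCoverageChecker();`, `checker.setSignUsernameToken(true);`, `service.getInInterceptors().add(checker);`. The `testSignedUsernameToken` added to StaxToDOMRoundTripTest in the next file section appears to have the same gap on its DOM inbound side, where a DOM-side coverage check would be needed instead.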

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMRoundTripTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMRoundTripTest.java?rev=1471440&r1=1471439&r2=1471440&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMRoundTripTest.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMRoundTripTest.java Wed Apr 24 14:37:11 2013
@@ -291,6 +291,52 @@ public class StaxToDOMRoundTripTest exte
     }
     
     @Test
+    public void testSignedUsernameToken() throws Exception {
+        // Create + configure service
+        Service service = createService();
+        
+        Map<String, Object> inProperties = new HashMap<String, Object>();
+        inProperties.put(
+            WSHandlerConstants.ACTION, 
+            WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.USERNAME_TOKEN
+        );
+        inProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new TestPwdCallback());
+        inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties");
+        WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties);
+        service.getInInterceptors().add(inInterceptor);
+        
+        // Create + configure client
+        Echo echo = createClientProxy();
+        
+        Client client = ClientProxy.getClient(echo);
+        client.getInInterceptors().add(new LoggingInInterceptor());
+        client.getOutInterceptors().add(new LoggingOutInterceptor());
+        
+        WSSSecurityProperties properties = new WSSSecurityProperties();
+        properties.setOutAction(new XMLSecurityConstants.Action[] {
+            WSSConstants.SIGNATURE, WSSConstants.USERNAMETOKEN
+        });
+        properties.setSignatureUser("myalias");
+        
+        properties.addSignaturePart(
+            new SecurePart(new QName(WSSConstants.NS_WSSE10, "UsernameToken"), SecurePart.Modifier.Element)
+        );
+        properties.addSignaturePart(
+            new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), SecurePart.Modifier.Element)
+        );
+        
+        Properties cryptoProperties = 
+            CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader());
+        properties.setSignatureCryptoProperties(cryptoProperties);
+        properties.setTokenUser("username");
+        properties.setCallbackHandler(new TestPwdCallback());
+        WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
+        client.getOutInterceptors().add(ohandler);
+
+        assertEquals("test", echo.echo("test"));
+    }
+    
+    @Test
     public void testTimestamp() throws Exception {
         // Create + configure service
         Service service = createService();

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/test/resources/logging.properties
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/test/resources/logging.properties?rev=1471440&r1=1471439&r2=1471440&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/test/resources/logging.properties (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/test/resources/logging.properties Wed Apr 24 14:37:11 2013
@@ -46,7 +46,7 @@
 # can be overriden by a facility specific level
 # Note that the ConsoleHandler also has a separate level
 # setting to limit messages printed to the console.
-.level= FINE
+.level= INFO
 
 ############################################################
 # Handler specific properties.
@@ -60,7 +60,7 @@ java.util.logging.FileHandler.count = 1
 java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
 
 # Limit the message that are printed on the console to INFO and above.
-java.util.logging.ConsoleHandler.level = FINE
+java.util.logging.ConsoleHandler.level = INFO
 java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
 
 


